git.ipfire.org Git - thirdparty/util-linux.git/commit

author	Chris Webb <chris@arachsys.com>
	Sun, 14 Dec 2025 23:18:33 +0000 (23:18 +0000)
committer	Chris Webb <chris@arachsys.com>
	Mon, 15 Dec 2025 08:28:02 +0000 (08:28 +0000)
commit	926b207cae709b05ba53acf0ee4b88e529d51729
tree	4658939e8f94ccc57bb7e308e4b36ef046675a65	tree
parent	e0d602bab9354e8225f2b0ca063dd449caa64e1c	commit \| diff

unshare: add --owner to set user namespace owner uid and gid

As well as the mappings between lower and upper ids, a user namespace is
associated with an owner user and group in its parent. These are set from
the uid and gid when the unshare() call is made, and determine which user
in the parent namespace has CAP_SYS_ADMIN in the child and can setns()
into it.

Add an --owner=<uid>:<gid> option which allows a privileged user to
create a user namespace on behalf of another user, mapping parent ids
and/or bind-mounting the namespace with privileges that the new owner
would not have.

Simplify the control flow around map_ids_from_child() vs mapping them
inline to avoid too many special cases. We reset mapuser and mapgroup to
-1 to signal that the mapping has been delegated to the child helper.

For completeness, we maintain the semantics of --map-root-user and
--map-current-user, binding the invoking user to root or itself in the
new namespace. However, when --owner is used, these must be handled by
a forked child as with --map-users and --map-groups.

Signed-off-by: Chris Webb <chris@arachsys.com>

bash-completion/unshare		diff \| blob \| blame \| history
sys-utils/unshare.1.adoc		diff \| blob \| blame \| history
sys-utils/unshare.c		diff \| blob \| blame \| history